-
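Vulnerability Information

Vulnerability name: eEye IRIS buffer overflow vulnerability

Severity: Medium

Vulnerability type: Boundary condition error

Published: 2000-10-20 00:00:00

Updated: 2005-10-20 00:00:00

Attack vector: Remote / Local

Details:

eEye IRIS 1.01 beta contains a vulnerability. A remote attacker can cause a denial of service by means of a large number of UDP connections.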

-
Advisories and Patches

The vendor has provided both a statement on this issue (attached in the 'Credit' section) and a workaround: "The problem triggered by this "DoS" seems to result from filling packet buffers faster than Windows can paint them to the screen. If you are really worried about this, until Iris is out of beta and fixes the "problem", then we recommend you turn off Iris's Capture packet display feature and use Iris's decode view instead."

-
Vulnerability Information (20184)

source: http://www.securityfocus.com/bid/1627/info
IRIS from eEye Digital Security is a protocol analyzer geared towards network management; it is currently in BETA. This product was formerly known as SpyNet CaptureNet. Certain versions of this software are vulnerable to a remotely triggered buffer overflow attack. The attack is carried out by a malicious user launching multiple UDP sessions to random ports on the machine on which IRIS resides and is in operation. The net result of this buffer overflow is that the product ceases to function and may drive system resources to 100% before exiting. It may be possible that this overflow (a heap overflow according to the attached advisory) could result in a system compromise. No information indicating that this is the case has been released.
http://www.exploit-db.com/sploits/20184.zip

-
Vulnerability Description

Iris contains a flaw that may allow a remote denial of service. The issue is triggered when a malicious user sends an overly large number of UDP connections to random ports, and will result in loss of availability for the platform.

-
Timeline

Disclosure date: 2000-09-01

Discovery date: Unknown

Exploit date: Unknown

Solution date: Unknown

-
Solution

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

-
Exploit
